Latest news about information security vulnerabilities, threats, incidents and events
Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.
You can get evidence of this fact from the news below.
Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.
Uganda election: Bobi Wine 'fearful for life' after Museveni win
Uganda's general election. 16 January 2021 5.85 million votes were won by Yoweri Museveni, according to the Electoral Commission. 3.48 million votes were won by Bobi Wine, his main rival, the commission said...
Posted on 17 January 2021 9:28 am
UK Police mistakenly deleted 150,000 arrest records in software glitch
Reportedly, a software glitch wiped DNA and fingerprint data from the police computer. The UK government has acknowledged that a technical glitch resulted in the accidental deletion of 150,000 arrest records from police databases across the country...
Posted on 17 January 2021 5:31 am
Parler CEO goes into hiding blaming Amazon flak, death threats
WASHINGTON: The chief executive officer of Parler LLC says he’s gone into hiding after receiving death threats. John Matze Jr’s social media platform was briefly the new home to conservative supporters of Donald Trump who flocked to it after Twitter banned the president...
Posted on 17 January 2021 1:45 am
FIN11 e-crime group shifted to CL0P ransomware and big game hunting
Derek B. Johnson reports: The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise...
Posted on 17 January 2021 12:21 am
Hacker Blows Chance at Early Release By Hacking More
The U.S. Department of Justice has charged Ardit Ferizi, a Kosovo citizen, with fraud and identity theft, accusing him of continuing to commit various cybercrimes while he was behind bars and serving a 20-year...
Posted on 16 January 2021 8:51 pm
Undisclosed Apache Velocity XSS vulnerability impacts GOV sites
An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA and NOAA. Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project...
Posted on 16 January 2021 8:33 pm
NA - CVE-2021-21247 - OneDev is an all-in-one devops platform. In...
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page...
Posted on 16 January 2021 5:04 am
WhatsApp Web users must drop everything for this; your phone number could be exposed
Posted on 16 January 2021 4:14 am
NSA Appoints Rob Joyce as Cyber Director
Joyce will replace Anne Neuberger, who this week was appointed Deputy National Security Advisor for Cyber and Emerging Technology for the National Security Council (NSC), the incoming Biden administration announced...
Posted on 16 January 2021 3:48 am
Hackers leaked altered Pfizer data to sabotage trust in vaccines
The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public's trust in COVID-19 vaccines...
Posted on 16 January 2021 3:48 am
Managing Cybersecurity Costs: Bake These Ingredients Into Your Annual Budget
As businesses across all industries evolve, once discretionary expenses become operating costs. Insurance coverage, for example, is pretty much ‘a must’ across many industries...
Posted on 16 January 2021 1:57 am
IT Security Trends in the Era of COVID: Our Top Five Tips for Making Your Network Safer in 2021
As the COVID era drags on, it is clear that work life “post-COVID” may be very different from life “pre-COVID.” This is especially true as it relates to IT security. More and more employees have shifted to a telecommuting work model, and for many businesses that may be the case for an indefinite period of time...
Posted on 15 January 2021 11:53 pm
Biden Inauguration: Defending Against Cyberthreats
As thousands of National Guard troops pour into Washington to provide security for the Jan. 20 inauguration of Joe Biden as president, cybersecurity analysts are calling attention to the need to defend against cyber incidents as well...
Posted on 15 January 2021 10:44 pm
Joker's Stash, a forum for stolen data, says it will shut down within 30 days
Written by Jeff Stone, Jan 15, 2021 | CYBERSCOOP. An administrator of a notorious forum for stolen payment data and illicitly obtained personal information says they will shutter the site in 30 days...
Posted on 15 January 2021 9:42 pm
Misconfigurations: A Hidden but Preventable Threat to Cloud Data
Working in the cloud has many advantages. But to handle your information safely, you should know how to defend against the common problem of misconfigurations leaving cloud data open to thieves. What are the Benefits of Cloud Computing? Many groups are expanding their use of the cloud...
Posted on 15 January 2021 6:36 pm
NSA Offers Guidance on Adopting Encrypted DNS
The U.S. National Security Agency has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic. Although the agency's report is geared toward the military and defense contractors, its recommendations can be adopted in all sectors...
Posted on 15 January 2021 5:39 pm
Verified Twitter accounts hacked in $580k ‘Elon Musk’ crypto scam
Threat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active. There is nothing new about cryptocurrency scams on Twitter, especially ones pretending to be giveaways from Elon Musk...
Posted on 15 January 2021 5:17 pm
Ransomware Disrupts Scottish Environment Protection Agency
Conti's data leak site claims to have now published 7% of the files it stole from SEPA (Source: Kela). The Scottish Environment Protection Agency says a ransomware attack last month continues to cause serious outages and warns that ransom-demanding attackers also stole some data...
Posted on 15 January 2021 1:44 pm
Smartphone giant Xiaomi reels as US ramps up China blacklist
Shares in Xiaomi collapsed on Friday after the United States blacklisted the smartphone giant and a host of other Chinese firms as the Trump administration aims to cement its trade war legacy against Beijing...
Posted on 15 January 2021 1:38 pm
Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
By GIXnews, January 15, 2021. Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor...
Posted on 15 January 2021 1:22 pm
NZ central bank governor apologises after cyberattack resulted in serious data breach - ETCIO.com
The head of the Reserve Bank of New Zealand (RBNZ) apologised on Friday after a recent cyberattack led to a serious data breach at the central bank, and brought in an independent investigator to review the incident...
Posted on 15 January 2021 12:55 pm
SolarWinds Supply Chain Hack: Investigation Update
Also: Security Education in 2021; How to Retain SOC Talent. January 15, 2021. 11 Minutes.
The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation...
Posted on 15 January 2021 9:57 am
SolarLeaks Selling Alleged Source Code from Microsoft, Cisco | Avast
By GIXnews, January 15, 2021. Various sensitive source codes belonging to Microsoft, Cisco, FireEye, and network management company SolarWinds are allegedly for sale on a website called SolarLeaks. The site was launched this week, about a month after a cyberattack on SolarWinds that led to a supply chain attack impacting 18,000 customers...
Posted on 15 January 2021 8:51 am
Securing the "New Tomorrow" in Financial Services
As we begin 2021, many financial services companies are turning their attention to planning for the future - this means adapting to a hybrid workforce and a much greater reliance on cloud for operational efficiencies...
Posted on 15 January 2021 8:41 am
Home Office accidentally DELETES 150,000 fingerprint, DNA and arrest records from police databases
However, the omissions would appear to at least impinge on police power to reopen investigations should more evidence come to light in certain cases. He said in a statement: 'The Home Secretary must take responsibility for this serious problem...
Posted on 15 January 2021 6:55 am
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files...
Posted on 15 January 2021 6:06 am
GeekWire - Information, Cyber, Network Security News.
Ministry of Defence’s cyber warfare drive is helping burn a hole through its budget, warns UK’s National Audit Office.
The Ministry of Defence’s multibillion budget overrun has been caused in part because of its spending splurge on flashy new “cyber” capabilities, according to the National Audit Office...
Posted on 15 January 2021 5:27 am
NA - CVE-2020-29493 - DELL EMC Avamar Server, versions 19.1, 19.2,...
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data...
Posted on 15 January 2021 5:00 am
Warning as hackers breach MFA to target cloud services
According to CISA, it has verified one of the users had their account breached even though they were using “proper multi-factor authentication (MFA).” Last year, it was reported that threat actors have been using legitimate tools to compromise Cloud-based assets...
Posted on 14 January 2021 11:08 pm
5 Cybersecurity Best Practices For Planning Ahead
Putting best practices in place is the most efficient way to combat cybersecurity threats. But that’s easier said than done, as there are a lot of forces working against our best efforts. The talent shortage looms the largest; there simply aren’t enough qualified cybersecurity experts out there to provide organizations a strong foundation...
Posted on 14 January 2021 10:57 pm
AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
Original release date: January 8, 2021. Summary. This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques...
Posted on 8 January 2021 4:36 pm
AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
Original release date: December 17, 2020 | Last revised: January 7, 2021. Summary. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020...
Posted on 17 December 2020 3:00 pm
AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
Original release date: December 10, 2020. Summary. This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC)...
Posted on 10 December 2020 5:00 pm
AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks
Original release date: December 1, 2020. Summary. This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques...
Posted on 1 December 2020 6:00 pm
AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
Original release date: October 30, 2020 | Last revised: November 3, 2020. Summary. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework...
Posted on 30 October 2020 6:11 pm
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector
Original release date: October 28, 2020 | Last revised: November 2, 2020. Summary. This advisory was updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and Yara Rules for detection...
Posted on 28 October 2020 11:07 pm
AA20-301A: North Korean Advanced Persistent Threat Focus: Kimsuky
Original release date: October 27, 2020. Summary. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques...
Posted on 27 October 2020 5:00 pm
AA20-296B: Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems
Original release date: October 22, 2020. Summary. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U...
Posted on 22 October 2020 4:00 pm
AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Original release date: October 22, 2020 | Last revised: December 1, 2020. Summary. This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework...
Posted on 22 October 2020 12:44 pm
AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
Original release date: October 9, 2020 | Last revised: October 24, 2020. Summary. This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework...
Posted on 9 October 2020 8:21 pm
Robot Motion Servers
This Alert contains a public report of a Remote Code Execution vulnerability affecting robot motion servers written in OEM exclusive programming languages running on the robot controller.
Posted on 4 August 2020 2:10 pm
This ALERT details vulnerabilities in SweynTooth's Bluetooth Low Energy (BLE) proof-of-concept (PoC) exploit code. This report was released without coordination with some of the affected vendors and without advance coordination with CISA...
Posted on 3 March 2020 3:20 pm
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU (Update A)
This updated alert is a follow-up to the original alert titled ICS-ALERT-19-225-01 Mitsubishi Electric smartRTU and INEA ME-RTU that was published August 13, 2019, on the ICS webpage on us-cert.gov. CISA is aware of a public report of a proof-of-concept (PoC) exploit code vulnerability affecting Mitsubishi Electric smartRTU devices...
Posted on 10 September 2019 2:30 pm
CAN Bus Network Implementation in Avionics
CISA is aware of a public report of insecure implementation of CAN bus networks affecting aircraft. According to this report, the CAN bus networks are exploitable when an attacker has unsupervised physical access to the aircraft...
Posted on 30 July 2019 1:00 pm
DICOM Standard in Medical Devices
NCCIC is aware of a public report of a vulnerability in the DICOM (Digital Imaging and Communications in Medicine) standard with proof-of-concept (PoC) exploit code. The DICOM standard is the international standard to transmit, store, retrieve, print, process, and display medical imaging information...
Posted on 11 June 2019 4:15 pm
Meltdown and Spectre Vulnerabilities (Update J)
This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update I) that was published September 11, 2018, on the NCCIC/ICS-CERT website.
Posted on 11 January 2018 5:51 pm
NCCIC is aware of a public report of an improper authentication vulnerability affecting WAGO PFC200, a Programmable Logic Controller (PLC) device. According to this report, the vulnerability is exploitable by sending a TCP payload on the bound port...
Posted on 7 December 2017 9:11 pm
Eaton ELCSoft Vulnerabilities
NCCIC/ICS-CERT is aware of a public report of buffer overflow vulnerabilities affecting Eaton ELCSoft, a PLC programming software for Eaton Logic Control (ELC) controllers. According to the public report, which was coordinated with ICS-CERT prior to its public release, researcher Ariele Caltabiano (kimiya) working with Trend Micro's Zero Day Initiative, identified that an attacker can leverage these vulnerabilities to execute arbitrary code in the context of the process...
Posted on 4 August 2017 7:11 pm
CAN Bus Standard Vulnerability
NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus, a broadcast based network standard...
Posted on 28 July 2017 7:34 pm
CRASHOVERRIDE, aka Industroyer, is the fourth family of malware publicly identified as targeting industrial control systems (ICS). It uses a modular design, with payloads that target several industrial communication protocols and are capable of directly controlling switches and circuit breakers...
Posted on 25 July 2017 4:45 pm